Senior Cybersecurity Analyst - Vulnerability Management - Florida Power and Light Company West Palm Beach, FL, USA Bookmark Share Print 1226 0 1

Listing Description

This position will reside in the Cybersecurity & Technology Risk – Threat Defense Service team. The candidate will be expected to conduct on-going vulnerability management operations that include discovery, risk assessment and classification, and remediation tracking. The successful candidate will be one that possess the below mentioned technical capabilities and the business acumen required to coordinate and collaborate with senior stakeholders external to the team. This position will also be required to execute development operations and program improvement that include technology integrations, automation orchestration, and deployment of new discovery capabilities.  

Duties:

• Follow the NIST Risk Management Framework to continuously assess, prioritize, and address internal and external vulnerabilities.
• Interact with and advise a diverse group of senior stakeholders throughout the company to orchestrate controls and mitigation strategies for identified vulnerabilities.
• Maintain records and evaluate metrics pertaining to status of remediation efforts and company vulnerability profile at any given time.
• Develop and present briefings to various levels of leadership on work efforts, process development and implementation, and organizational vulnerability status.
• Advise management on vulnerability prioritization based on risk assessments and measures to mitigate threats to systems and networks.
• Provide guidance, requirements, and expectations for actions regarding security issues to ensure agreement among stakeholders on methods, procedures, and objectives for implementing and assessing the effectiveness of mitigations.
• Ensure that security improvement actions are evaluated, validated, and implemented as required.
• Track and report to leadership noncompliance to security requirements. 
• Provide input for process development on the execution of the vulnerability management lifecycle as it applies to daily operations.
• Research emerging exploits, pre-CVE vulnerabilities, and analyze malware and threat campaigns to identify potential vulnerabilities to preemptively identify exposure and risk to business operations.
• Develop an intimate understanding of company networks, architecture, and assets, and serve as a primary contact for expertise on technical matters.

Required:

• Thorough understanding of the Vulnerability Management Lifecyle and the Intelligence Lifecycle relating to cybersecurity operations.
• In-depth knowledge of cybersecurity standards and best practices: endpoints, operating systems, network devices and architecture, communication protocols, wireless, virtualization, cloud computing.
• Advanced understanding of internet and WAN technology.
• Detailed knowledge or experience in Computer Network Attack (CNA) and Red Team concepts: reconnaissance, malware delivery and functionality, attack methodologies. 
• Knowledge of OT, ICS, SCADA, and RTOS, particularly in relation to interconnectivity with traditional IT networks.
• Experience with vulnerability scanning , assessment, and research tools (Nessus, Nexpose, Qualys, Tanium, Shodan, etc.) 
• Ability to communicate technical topics and details involving computer vulnerabilities to both highly technical and layman audiences. 
• Ability to write technical reports and articulate complex subjects in simplified, easily understandable ways, free of analytical and grammatical errors. 
• Excellent skills with Microsoft Office products (Word, PowerPoint, Outlook, Excel, Teams). 

Desired Training and Certifications:

• Programming experience (language agnostic)
• Joint Cyber Analysis Course (JCAC)
• GIAC Enterprise Vulnerability Assessor (GEVA)
• GIAC Assessing and Auditing Wireless Networks (GAWN)
• GIAC Reverse Engineering Malware (GREM)